NIST publishes draft guidance for integrating software security concepts into cloud operations

The National Institute of Standards and Technology has published draft guidance for integrating software supply chain security into the development, security and operations paradigm for cloud-native applications, based on the NIST Secure Software Development Framework.

The initial public draft of NIST Special Publication 800-204D, “Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines,” was published Wednesday. It is open for public comment until October 13.

The draft is part of a series of publications “which...